Studies have shown that most small business owners feel their businesses are vulnerable to cyberattacks. Yet many small businesses cannot afford professional IT solutions, have limited time to devote to cybersecurity, and don’t know where to begin.
Start by learning about common cybersecurity best practices, understanding common threats, and dedicating resources to address and improve your cybersecurity.
Educate your employees
Regularly update your employees on new protocols. The more your employees know about cyber-attacks and how to protect your data, the safer your business will be. Send out regular reminders not to open attachments or click on links in emails from people they don’t know or expect. Train employees to double check if they get rush requests to issue unexpected payments—a common scam.
Implement safe password practices
Many data breaches occur due to weak, stolen, or lost passwords. It’s crucial that all employee devices accessing the company network are password protected. Require employees to change their passwords regularly by automatically prompting them to change their passwords every 60 to 90 days.
Use strong passwords
Using strong passwords is an easy way to improve your cybersecurity. Be sure to use different passwords for your different accounts. A strong password includes:
- 10 characters or more
- At least one uppercase letter
- At least one lowercase letter
- At least one number
- At least one special character
Use multi-factor authentication or password management software
Implement multi-factor authentication that requires additional information beyond a password to gain entry. Check with your vendors that handle sensitive data, especially financial institutions, to see if they offer multi-factor authentication for your account. Password management software will encrypt your password database and only require you to remember one password.
When you can use multi-factor authentication, use it. Cloud databases are commonly hijacked when users haven’t turned on authentication or when they’ve left outdated versions exposed. Cloud infrastructure vulnerabilities are a serious threat, be sure to establish safe practices when using and accessing cloud services; don’t pass the responsibility of security to the cloud provider.r.
Make sure you have the right partners and platforms
Your cyber security is only as good as the security of the platforms and partners your business depends on. Ensure that you have the following:
- A WAF (web application firewall) to protect your site.
- A Level 1 compliant ecommerce platform PCI-DSS (payment card industry data security standards). This protects your business against digital data security breaches across your entire payment network, not just a single card.
- A website hosting company that is regularly patching security vulnerabilities to reduce the likelihood of attacks.
- Antivirus software installed on all company computers.
Secure your hardware
Data breaches can also be caused by physical property being stolen. Your servers, laptops, cell phones, and other electronics must be secured. Security cameras and alarms are helpful but the best way to secure devices is to physically lock down computers and servers. Ensure that employees that are working from home, a coworking space, or a traditional office, understand how to keep their company equipment protected.
Regularly back up all data
No matter how vigilant you are with your cyber security strategies, data breaches can still happen. The most important information to back up is databases, financial files, human resources files and accounts receivable/payable files. You should also back up all data stored on an online drive and check your backup regularly to ensure that it’s functioning properly.
Use antivirus software and keep all software updated
Make sure all your business’s computers are equipped with antivirus software and are updated regularly. One of the number one cyber risks small business face are vulnerabilities due to neglecting regular patching and updates. All software vendors regularly provide patches and updates to their products to correct security problems and improve functionality. It is recommended to configure all software to install updates automatically. In addition to updating antivirus software, it is key to update the software associated with operating systems, web browsers, and other applications, as this will help secure your entire infrastructure.
Implement formal security policies.
Putting security policies in place is essential to protecting your system. Protecting the network should be a priority for everyone who uses it. Regularly hold meetings and seminars on the best cyber security practices, the importance of strong passwords, identifying and reporting suspicious emails, activating multi-factor authentication, and not clicking on links and downloading attachments in emails.
Practice your incident response plan.
Despite your best efforts, there may come a time when your company falls prey to a cyberattack. If that day comes, it’s crucial your staff can handle the fallout. By developing a response plan, an attack can be quickly identified and addressed before doing too much damage. The plan should include who to contact, where data backups are stored, and when to contact law enforcement. The Federal Communications Commission offers a cyberplanner to help small business owners create a plan to protect their business.
Request a Vulnerability Assessment
Have a Vulnerability assessment (VA) performed to test your computers and networks to identify and rank their weaknesses. Some small-to-medium enterprises (SMEs) don’t implement them, largely because they are perceived to be complicated and expensive.
There are several reasons why you need to take a proactive approach to securing your business. One of the main reasons is that basic network security measures such as Antivirus software, (IDS)Intrusion Detection Systems and firewalls are not enough to provide adequate protection by themselves. The increasing sophistication and growing variety of malware attacks make these protections inadequate.
Performing a VA helps significantly by examining your network and identifying weak points that can be exploited by the latest attacks that basic protections are unable to detect.